The Dangers of WordPress Plugin Ignorance (And Ways to Combat It)

Jun 3, 2023

I was getting extremely angry.

     My site had been bouncing around for several hours between being slow to load and being completely inactive, so I decided to contact my hosting provider. All they could tell me was that it appeared to be connected with one plugin that I have on my blog.

     Then the lightbulb in my head came on: I had installed a brand new plugin a couple of hours prior, around the same time my site started acting oddly. It was a bit odd.

     I quickly (well, slowly actually) logged in to my website and deactivated the offending plugin. Bingo. The site returned to normal.

The same thing has happened to virtually everyone who has used WordPress for any length of time: plugin issues that take your website down. Yet many of us still install and uninstall plugins in a flurry without being aware of the risks involved. Others are well aware of the risks and still feed an endless craving for plugins, heedless of the dangers lurking around the corner.

In short, most WordPress users are a bit naive when it comes to their sites. In this piece, I'm going to highlight the potential dangers of plugins (especially free ones), in the hope that it makes an effective argument against the unending accumulation of plugins on your WordPress site.

How Much Harm Can a Plugin Actually Do?

In simple terms, a WordPress plugin is a program that extends the capabilities that come with WordPress as a Content Management System (CMS). Plugins came about as programmers sought to expand WordPress's capabilities without altering its fundamental structure.

Today, with more than 28,000 free plugins in use, WordPress can do practically anything you can think of (and if it can't, there's a chance that someone is working on it).

Plugins are the heartbeat of WordPress. They've played a huge part in its rapid growth and its rise to the top of the CMS kingdom. Without plugins, WordPress is an extremely limited platform.

The plugins you choose can have a major effect on the speed of your site, and because a plugin for the most part becomes a component of WordPress, it can influence your entire WordPress installation. For example, my blog recently experienced slowdowns due to one plugin. It's no secret that these few files can have an enormous impact on the performance of your blog.

WordPress users should therefore be aware that they are putting their site's health in the hands of developers every time they make use of a plugin. If the developer is good at the work and has a sense of duty, the likelihood of having issues with the plugin is very low (although it's never 100 percent certain). Unfortunately, many developers do not take that kind of responsibility for the plugins they develop.

When we install a plugin, anything can happen. The speed at which your site loads could be greatly affected. The site could be completely wiped out. In fact, some untrustworthy developers create bad plugins (or hack into otherwise trusted plugins) with no intention other than causing people pain. That danger is present every time we press the activate button.

The Problem with WordPress.org

WordPress.org is wonderful for a variety of reasons. However, it's not completely free of flaws. At the time of writing there's a staggering number of plugins available on WordPress.org. However, the vast majority are:

  1. out of date,
  2. buggy,
  3. bloated,
  4. insecure, or
  5. a combination of any or all of the above.

Even the strongest, most robust plugins are susceptible to vulnerabilities. In May 2013, Sucuri identified a security issue in the very well-known W3 Total Cache and WP Super Cache plugins. The two plugins are credited with more than 7.5 million downloads in total, which shows just how much damage such security vulnerabilities can cause.

In a similar vein, in a recent blog post about ManageWP I addressed bugs in the popular SEO by Yoast plugin. Joost de Valk is an acclaimed designer, and he swiftly resolved the issue, but WordPress.org showed that numerous users had tagged the latest SEO by Yoast updates as incompatible.

SEO by Yoast is at the top of its class, yet these instances show that nothing, not even the work of top-rated developers, can be guaranteed to work when it comes to WordPress plugins.

WordPress.org is both a blessing and a curse, and it is certainly a resource that must be handled with care.

Security issues in WordPress

I've written about WordPress security often: on my own blog, on ManageWP, in an upcoming post on Smashing Magazine, and beyond.

I've talked with a lot of specialists on this subject, including individuals who work directly with the WordPress core. Most of them say the same thing: the WordPress core is very secure. However, things can get a bit tangled when outside influences come into play (plugins as well as the human factor).

If a WordPress user chooses to change the password of their account to "password", there is nothing WordPress can do to protect itself against a brute-force attack. This isn't a problem with WordPress, though; it's a matter of the inexperience of the user.

Similarly, if you as a WordPress user choose to install a plugin that has security vulnerabilities, the core is not responsible for the consequences that follow. Every piece of software that you install is an opportunity for security problems.

Surely Premium Plugins Are Secure?

I am sure that if a study was conducted, it would be found that the ratio of buggy/bloated/insecure plugins to "healthy" plugins would be far more favorable amongst premium plugins. However, that doesn't mean all premium plugins are excellent and it is not wise to think that way.

Personally, I'd recommend buying only from companies with good and established reputations.

If, for instance, you download a plugin from WooThemes (free or not), you can be assured that it has been developed with care and is highly unlikely to have a negative impact on the speed, security or performance of your site.

If, on the other hand, you stumble across some website you've never seen before which claims to sell a great plugin, it's best to be cautious.

So What Should You Do Next?

This isn't to say you must remove all of your plugins and crawl into the corner in the fetal position. However, I do suggest that you carefully weigh the worth of every plugin you've put on your website. Any one of them could be unsafe, could be draining your resources, or could be slow and inefficient. But if a plugin isn't installed, it can't interact with your site at all.

Recently, I re-examined the functions of my website and was able to get rid of 60 percent of the plugins I was using with no impact on performance. I replaced a few plugin features with simple (and clear) code fragments, and I realized that the vast majority of the other functions didn't need a plugin at all. For instance, plugins that let you quickly insert analytics tracking code into your site are great for beginners, but anyone who has built a child theme should have no problem putting the code in header.php.

Once you're left with a (hopefully) smaller number of plugins, review them once more to confirm you truly need each one. You may be surprised once you take an objective look at the list.

Then it is time to conduct a final sweep. Consider the following questions for each plugin:

  1. Who developed it?
  2. When was it last updated?
  3. Does it have a solid foundation?

You should know what to do, based on the responses to these questions.
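
One way to run the first two questions of the sweep over a list of installed plugins, as an added example that is not part of the original article: it parses the standard plugin header comment for the declared author, then flags plugins whose author is not on the owner's allowlist or that have gone too long without an update. The plugin names, the allowlist, the 365-day threshold and the hand-collected last-update dates are all constructed assumptions; the third question still needs human judgment.

```python
import re
from datetime import date

# Constructed inventory (not real plugins): the header comment from each plugin's
# main PHP file, plus the "last updated" date the site owner looked up by hand.
INVENTORY = [
    {"slug": "example-cache", "last_updated": date(2023, 5, 20),
     "header": "/*\nPlugin Name: Example Cache\nVersion: 2.1.0\nAuthor: Trusted Studio\n*/"},
    {"slug": "example-slider", "last_updated": date(2020, 1, 15),
     "header": "/**\n * Plugin Name: Example Slider\n * Author: unknown-dev\n */"},
    {"slug": "example-widget", "last_updated": None,
     "header": "/* Plugin Name: Example Widget */"},
]
TRUSTED_AUTHORS = {"trusted studio"}  # assumption: the owner's own allowlist
MAX_AGE_DAYS = 365                    # assumption: staleness threshold

# "Key: value" header lines, tolerating comment decoration such as " * " or "/*".
HEADER_RE = re.compile(
    r"^[ \t/*#@]*(Plugin Name|Version|Author):[ \t]*(.+?)[ \t]*(?:\*/)?[ \t]*$",
    re.MULTILINE | re.IGNORECASE)

def parse_header(text):
    """Return the declared header fields with lower-cased keys."""
    return {key.lower(): value for key, value in HEADER_RE.findall(text)}

def triage(plugin, today):
    """Answer 'who made it?' and 'when was it last updated?' for one plugin."""
    findings = []
    author = parse_header(plugin["header"]).get("author")
    if author is None:
        findings.append("no author declared")
    elif author.lower() not in TRUSTED_AUTHORS:
        findings.append(f"author not on allowlist: {author}")
    updated = plugin["last_updated"]
    if updated is None:
        findings.append("last update date unknown")
    elif (today - updated).days > MAX_AGE_DAYS:
        findings.append(f"stale: {(today - updated).days} days since last update")
    return findings

def review(inventory, today):
    """Map each plugin slug to its findings; an empty list means nothing flagged."""
    return {p["slug"]: triage(p, today) for p in inventory}

if __name__ == "__main__":
    for slug, findings in review(INVENTORY, date(2023, 6, 3)).items():
        print(slug, "->", findings or "nothing flagged")
```

A plugin with missing data is reported rather than skipped, since an undeclared author or an unknown update date is itself an answer to the sweep's questions.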

Final Reflections

Your site is only as safe and reliable as the code it's built on. It is recommended that plugins come from trusted developers.

There are many plugins available that are responsibly developed and extremely well coded. Be sure to do your research so that you steer clear of harmful plugins.

The majority of premium plugins are dependable, but that does not mean that all of them are trustworthy. Beware of making assumptions.

If nothing else works, you can simply go back to the gold standard of wisdom: less is more.

Do you have any personal policies for installing plugins on your WordPress site(s), or any other thoughts on plugins? Please share them in the comment section below!
